8-05-2008 @ 2:56PM
The authenticator works like RSA's SecurID. There is only ONE way to break it, and that is to have the serial number. So the serial number on the affected authenticator was compromised. No authenticator will display the same number twice, and no two authenticators will ever have the same number displayed. The serial number is tied to your login account in most cases. In older implementations, you had a dual login, first with your network account, and again with your SecurID (SN and random code). These are used by major corporations and financial institutions, and to my knowledge, as long as the 'key' is in the possession of the proper person, there has never been a breach.
8-05-2008 @ 3:22PM
"No authenticator will display the same number twice, and no two authenticators will ever have the same number displayed."
Given it's a 6 digit number, both assumptions are patently false. Assuming 1,000,000 possible numbers, it would take 694 days for all numbers to be used up - and then what? The authenticator explodes?
Also assuming that there are more than 1,000,000 authenticators in use (maybe not yet, but there will be at some point), at any point in time, more than one authenticator will display the same code.
Given that, I still don't know how much we can 100% trust this "source" that says his account was hacked with an authenticator. Given that the authenticator was never removed from the account, you have to assume that whoever hacked the account had access to the authenticator.
8-06-2008 @ 3:52AM
@Blake: this is why tokens have expiration dates. Even so, sometimes the numbers repeat, but even knowing which numbers have been shown in the past gives you zero ability to predict what the next number will be.
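Added example, not part of the original comments: a simulation of the two points debated above, that one 6-digit token eventually repeats a code and that several tokens can show the same code at the same moment. The page does not state the algorithm SecurID or the authenticator uses; the RFC 4226 (HOTP) truncation over HMAC-SHA1 is an assumed stand-in, the one-code-per-minute rate is the one implied by the 694-day figure, and the seeds are constructed.

```python
import hashlib
import hmac
import struct

DIGITS = 6  # the code length discussed in the thread


def code(seed: bytes, step: int) -> str:
    """6-digit code for one time step (RFC 4226 truncation, an assumed stand-in)."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


def first_repeat(seed: bytes, max_steps: int = 10**DIGITS + 1):
    """Step at which a token first shows a code it has already shown."""
    seen = set()
    for step in range(max_steps):
        c = code(seed, step)
        if c in seen:
            return step
        seen.add(c)
    return None  # unreachable with the default: 1,000,001 steps, 1,000,000 codes


def colliding_tokens(seeds, step: int) -> int:
    """Number of tokens whose code at `step` is also shown by another token."""
    counts = {}
    for s in seeds:
        c = code(s, step)
        counts[c] = counts.get(c, 0) + 1
    return sum(n for n in counts.values() if n > 1)


def constructed_seeds(n: int):
    """Constructed, deterministic sample seeds; real tokens hold random secrets."""
    return [hashlib.sha256(b"constructed-seed-%d" % i).digest()[:20] for i in range(n)]


if __name__ == "__main__":
    seeds = constructed_seeds(5000)
    rep = first_repeat(seeds[0])
    print(f"token 0 repeats a code at step {rep} (~{rep / 1440:.1f} days at one code per minute)")
    print(f"{colliding_tokens(seeds, 0)} of {len(seeds)} tokens share a code with another token at step 0")
```

A repeated or shared code gives an observer nothing to work with unless they also hold the seed, because each code is a keyed function of the seed and the time step.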